The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. For the PowerPC64 a new ‘bigmem’ flavor has been added to support big Power machines. (FATE#319026) The following security bugs were fixed :
CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).
CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968).
CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925).
CVE-2016-7117: Use-after-free vulnerability in the
__sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077).
CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759).
CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566).
CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296).
CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for remote attackers to hijack TCP sessions via a blind in-window attack (bnc#989152).
CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a ‘double fetch’ vulnerability (bnc#991608).
CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986365).
CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689).
CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104 bsc#922947 bsc#968014).
The update package also includes non-security fixes. See advisory for details.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:2976-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(95536);
script_version("3.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2013-4312", "CVE-2015-7513", "CVE-2015-8956", "CVE-2016-0823", "CVE-2016-3841", "CVE-2016-4998", "CVE-2016-5696", "CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-7117", "CVE-2016-7425");
script_name(english:"SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2976-1)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
security and bugfixes. For the PowerPC64 a new 'bigmem' flavor has
been added to support big Power machines. (FATE#319026) The following
security bugs were fixed :
- CVE-2016-7042: The proc_keys_show function in
security/keys/proc.c in the Linux kernel, when the GNU
Compiler Collection (gcc) stack protector is enabled,
uses an incorrect buffer size for certain timeout data,
which allowed local users to cause a denial of service
(stack memory corruption and panic) by reading the
/proc/keys file (bnc#1004517).
- CVE-2016-7097: The filesystem implementation in the
Linux kernel preserves the setgid bit during a setxattr
call, which allowed local users to gain group privileges
by leveraging the existence of a setgid program with
restrictions on execute permissions (bnc#995968).
- CVE-2015-8956: The rfcomm_sock_bind function in
net/bluetooth/rfcomm/sock.c in the Linux kernel allowed
local users to obtain sensitive information or cause a
denial of service (NULL pointer dereference) via vectors
involving a bind system call on a Bluetooth RFCOMM
socket (bnc#1003925).
- CVE-2016-7117: Use-after-free vulnerability in the
__sys_recvmmsg function in net/socket.c in the Linux
kernel allowed remote attackers to execute arbitrary
code via vectors involving a recvmmsg system call that
is mishandled during error processing (bnc#1003077).
- CVE-2016-0823: The pagemap_open function in
fs/proc/task_mmu.c in the Linux kernel allowed local
users to obtain sensitive physical-address information
by reading a pagemap file, aka Android internal bug
25739721 (bnc#994759).
- CVE-2016-7425: The arcmsr_iop_message_xfer function in
drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did
not restrict a certain length field, which allowed local
users to gain privileges or cause a denial of service
(heap-based buffer overflow) via an
ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
- CVE-2016-3841: The IPv6 stack in the Linux kernel
mishandled options data, which allowed local users to
gain privileges or cause a denial of service
(use-after-free and system crash) via a crafted sendmsg
system call (bnc#992566).
- CVE-2016-6828: The tcp_check_send_head function in
include/net/tcp.h in the Linux kernel did not properly
maintain certain SACK state after a failed data copy,
which allowed local users to cause a denial of service
(tcp_xmit_retransmit_queue use-after-free and system
crash) via a crafted SACK option (bnc#994296).
- CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel
did not properly determine the rate of challenge ACK
segments, which made it easier for remote attackers to
hijack TCP sessions via a blind in-window attack
(bnc#989152).
- CVE-2016-6480: Race condition in the ioctl_send_fib
function in drivers/scsi/aacraid/commctrl.c in the Linux
kernel allowed local users to cause a denial of service
(out-of-bounds access or system crash) by changing a
certain size value, aka a 'double fetch' vulnerability
(bnc#991608).
- CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt
implementation in the netfilter subsystem in the Linux
kernel allowed local users to cause a denial of service
(out-of-bounds read) or possibly obtain sensitive
information from kernel heap memory by leveraging
in-container root access to provide a crafted offset
value that leads to crossing a ruleset blob boundary
(bnc#986365).
- CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel
did not reset the PIT counter values during state
restoration, which allowed guest OS users to cause a
denial of service (divide-by-zero error and host OS
crash) via a zero value, related to the
kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions
(bnc#960689).
- CVE-2013-4312: The Linux kernel allowed local users to
bypass file-descriptor limits and cause a denial of
service (memory consumption) by sending each descriptor
over a UNIX socket before closing it, related to
net/unix/af_unix.c and net/unix/garbage.c (bnc#839104
bsc#922947 bsc#968014).
The update package also includes non-security fixes. See advisory for
details.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1000189"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1001419"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1002165"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1003077"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1003344"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1003568"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1003677"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1003866"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1003925"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1004517"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1004520"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1005857"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1005896"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1005903"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1006917"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1006919"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1007944"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=763198"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=771065"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=799133"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=803320"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=839104"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=843236"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=860441"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=863873"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=865783"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=871728"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=907611"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=908458"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=908684"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=909077"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=909350"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=909484"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=909618"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=909994"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=911687"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=915183"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=920016"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=922634"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=922947"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=928138"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=929141"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=934760"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=951392"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=956514"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=960689"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=963655"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=967716"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=968010"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=968014"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=971975"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=971989"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=973203"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=974620"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=976867"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=977687"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=979514"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=979595"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=979681"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=980371"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=982218"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=982783"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=983535"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=983619"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=984102"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=984194"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=984992"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=985206"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=986337"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=986362"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=986365"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=986445"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=987565"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=988440"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=989152"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=989261"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=989764"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=989779"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=991608"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=991665"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=991923"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=992566"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=993127"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=993890"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=993891"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=994296"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=994436"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=994618"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=994759"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=994926"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=995968"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=996329"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=996664"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=997708"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=998399"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=998689"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=999584"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=999600"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=999907"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=999932"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2013-4312/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2015-7513/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2015-8956/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-0823/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-3841/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-4998/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-5696/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-6480/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-6828/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-7042/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-7097/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-7117/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-7425/"
);
# https://www.suse.com/support/update/announcement/2016/suse-su-20162976-1/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?eecf460c"
);
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
patch sdksp4-kernel-12869=1
SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
slessp4-kernel-12869=1
SUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch
slexsp3-kernel-12869=1
SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
dbgsp4-kernel-12869=1
To bring your system up-to-date, use 'zypper patch'."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/08");
script_set_attribute(attribute:"patch_publication_date", value:"2016/12/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/05");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"kernel-default-man-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-base-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-devel-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-source-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-syms-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-base-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-devel-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-base-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-devel-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-base-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-devel-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-base-3.0.101-88.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-devel-3.0.101-88.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | kernel-default | p-cpe:/a:novell:suse_linux:kernel-default |
novell | suse_linux | kernel-default-base | p-cpe:/a:novell:suse_linux:kernel-default-base |
novell | suse_linux | kernel-default-devel | p-cpe:/a:novell:suse_linux:kernel-default-devel |
novell | suse_linux | kernel-default-man | p-cpe:/a:novell:suse_linux:kernel-default-man |
novell | suse_linux | kernel-ec2 | p-cpe:/a:novell:suse_linux:kernel-ec2 |
novell | suse_linux | kernel-ec2-base | p-cpe:/a:novell:suse_linux:kernel-ec2-base |
novell | suse_linux | kernel-ec2-devel | p-cpe:/a:novell:suse_linux:kernel-ec2-devel |
novell | suse_linux | kernel-pae | p-cpe:/a:novell:suse_linux:kernel-pae |
novell | suse_linux | kernel-pae-base | p-cpe:/a:novell:suse_linux:kernel-pae-base |
novell | suse_linux | kernel-pae-devel | p-cpe:/a:novell:suse_linux:kernel-pae-devel |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4312
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7513
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8956
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0823
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3841
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4998
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5696
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6480
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6828
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7042
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7097
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7117
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7425
www.nessus.org/u?eecf460c
bugzilla.suse.com/show_bug.cgi?id=1000189
bugzilla.suse.com/show_bug.cgi?id=1001419
bugzilla.suse.com/show_bug.cgi?id=1002165
bugzilla.suse.com/show_bug.cgi?id=1003077
bugzilla.suse.com/show_bug.cgi?id=1003344
bugzilla.suse.com/show_bug.cgi?id=1003568
bugzilla.suse.com/show_bug.cgi?id=1003677
bugzilla.suse.com/show_bug.cgi?id=1003866
bugzilla.suse.com/show_bug.cgi?id=1003925
bugzilla.suse.com/show_bug.cgi?id=1004517
bugzilla.suse.com/show_bug.cgi?id=1004520
bugzilla.suse.com/show_bug.cgi?id=1005857
bugzilla.suse.com/show_bug.cgi?id=1005896
bugzilla.suse.com/show_bug.cgi?id=1005903
bugzilla.suse.com/show_bug.cgi?id=1006917
bugzilla.suse.com/show_bug.cgi?id=1006919
bugzilla.suse.com/show_bug.cgi?id=1007944
bugzilla.suse.com/show_bug.cgi?id=763198
bugzilla.suse.com/show_bug.cgi?id=771065
bugzilla.suse.com/show_bug.cgi?id=799133
bugzilla.suse.com/show_bug.cgi?id=803320
bugzilla.suse.com/show_bug.cgi?id=839104
bugzilla.suse.com/show_bug.cgi?id=843236
bugzilla.suse.com/show_bug.cgi?id=860441
bugzilla.suse.com/show_bug.cgi?id=863873
bugzilla.suse.com/show_bug.cgi?id=865783
bugzilla.suse.com/show_bug.cgi?id=871728
bugzilla.suse.com/show_bug.cgi?id=907611
bugzilla.suse.com/show_bug.cgi?id=908458
bugzilla.suse.com/show_bug.cgi?id=908684
bugzilla.suse.com/show_bug.cgi?id=909077
bugzilla.suse.com/show_bug.cgi?id=909350
bugzilla.suse.com/show_bug.cgi?id=909484
bugzilla.suse.com/show_bug.cgi?id=909618
bugzilla.suse.com/show_bug.cgi?id=909994
bugzilla.suse.com/show_bug.cgi?id=911687
bugzilla.suse.com/show_bug.cgi?id=915183
bugzilla.suse.com/show_bug.cgi?id=920016
bugzilla.suse.com/show_bug.cgi?id=922634
bugzilla.suse.com/show_bug.cgi?id=922947
bugzilla.suse.com/show_bug.cgi?id=928138
bugzilla.suse.com/show_bug.cgi?id=929141
bugzilla.suse.com/show_bug.cgi?id=934760
bugzilla.suse.com/show_bug.cgi?id=951392
bugzilla.suse.com/show_bug.cgi?id=956514
bugzilla.suse.com/show_bug.cgi?id=960689
bugzilla.suse.com/show_bug.cgi?id=963655
bugzilla.suse.com/show_bug.cgi?id=967716
bugzilla.suse.com/show_bug.cgi?id=968010
bugzilla.suse.com/show_bug.cgi?id=968014
bugzilla.suse.com/show_bug.cgi?id=971975
bugzilla.suse.com/show_bug.cgi?id=971989
bugzilla.suse.com/show_bug.cgi?id=973203
bugzilla.suse.com/show_bug.cgi?id=974620
bugzilla.suse.com/show_bug.cgi?id=976867
bugzilla.suse.com/show_bug.cgi?id=977687
bugzilla.suse.com/show_bug.cgi?id=979514
bugzilla.suse.com/show_bug.cgi?id=979595
bugzilla.suse.com/show_bug.cgi?id=979681
bugzilla.suse.com/show_bug.cgi?id=980371
bugzilla.suse.com/show_bug.cgi?id=982218
bugzilla.suse.com/show_bug.cgi?id=982783
bugzilla.suse.com/show_bug.cgi?id=983535
bugzilla.suse.com/show_bug.cgi?id=983619
bugzilla.suse.com/show_bug.cgi?id=984102
bugzilla.suse.com/show_bug.cgi?id=984194
bugzilla.suse.com/show_bug.cgi?id=984992
bugzilla.suse.com/show_bug.cgi?id=985206
bugzilla.suse.com/show_bug.cgi?id=986337
bugzilla.suse.com/show_bug.cgi?id=986362
bugzilla.suse.com/show_bug.cgi?id=986365
bugzilla.suse.com/show_bug.cgi?id=986445
bugzilla.suse.com/show_bug.cgi?id=987565
bugzilla.suse.com/show_bug.cgi?id=988440
bugzilla.suse.com/show_bug.cgi?id=989152
bugzilla.suse.com/show_bug.cgi?id=989261
bugzilla.suse.com/show_bug.cgi?id=989764
bugzilla.suse.com/show_bug.cgi?id=989779
bugzilla.suse.com/show_bug.cgi?id=991608
bugzilla.suse.com/show_bug.cgi?id=991665
bugzilla.suse.com/show_bug.cgi?id=991923
bugzilla.suse.com/show_bug.cgi?id=992566
bugzilla.suse.com/show_bug.cgi?id=993127
bugzilla.suse.com/show_bug.cgi?id=993890
bugzilla.suse.com/show_bug.cgi?id=993891
bugzilla.suse.com/show_bug.cgi?id=994296
bugzilla.suse.com/show_bug.cgi?id=994436
bugzilla.suse.com/show_bug.cgi?id=994618
bugzilla.suse.com/show_bug.cgi?id=994759
bugzilla.suse.com/show_bug.cgi?id=994926
bugzilla.suse.com/show_bug.cgi?id=995968
bugzilla.suse.com/show_bug.cgi?id=996329
bugzilla.suse.com/show_bug.cgi?id=996664
bugzilla.suse.com/show_bug.cgi?id=997708
bugzilla.suse.com/show_bug.cgi?id=998399
bugzilla.suse.com/show_bug.cgi?id=998689
bugzilla.suse.com/show_bug.cgi?id=999584
bugzilla.suse.com/show_bug.cgi?id=999600
bugzilla.suse.com/show_bug.cgi?id=999907
bugzilla.suse.com/show_bug.cgi?id=999932
www.suse.com/security/cve/CVE-2013-4312/
www.suse.com/security/cve/CVE-2015-7513/
www.suse.com/security/cve/CVE-2015-8956/
www.suse.com/security/cve/CVE-2016-0823/
www.suse.com/security/cve/CVE-2016-3841/
www.suse.com/security/cve/CVE-2016-4998/
www.suse.com/security/cve/CVE-2016-5696/
www.suse.com/security/cve/CVE-2016-6480/
www.suse.com/security/cve/CVE-2016-6828/
www.suse.com/security/cve/CVE-2016-7042/
www.suse.com/security/cve/CVE-2016-7097/
www.suse.com/security/cve/CVE-2016-7117/
www.suse.com/security/cve/CVE-2016-7425/